1

I want to filter out these messages. They are generated by the user crontabs running every minute:

type=USER_END msg=audit(1611873842.675:459608): pid=19114 uid=0 auid=10061 ses=480462 subj==unconfined msg='op=PAM:session_close acct="web59" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'

type=CRED_DISP msg=audit(1611873842.695:459609): pid=19115 uid=0 auid=10144 ses=480463 subj==unconfined msg='op=PAM:setcred acct="web137" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'

I cannot filter by userid because the userids are changing. As new users are added to the system I do not want to add them manually to auditd. So the only possibility is to filter by msg content. But how do I do it?

Pyloor
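An added example, not part of the original post: a Python post-processing filter that drops these records by the fields inside the nested msg='...' payload (exe, terminal, op, res) rather than by uid or auid. It runs over log lines after they are written and does not configure auditd; the third sample record and all function names are constructed for illustration.

```python
import re

# Constructed sample: the two records from the question plus one made-up sshd record.
SAMPLE = """\
type=USER_END msg=audit(1611873842.675:459608): pid=19114 uid=0 auid=10061 ses=480462 subj==unconfined msg='op=PAM:session_close acct="web59" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
type=CRED_DISP msg=audit(1611873842.695:459609): pid=19115 uid=0 auid=10144 ses=480463 subj==unconfined msg='op=PAM:setcred acct="web137" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
type=USER_END msg=audit(1611873900.101:459700): pid=20001 uid=0 auid=10061 ses=480470 subj==unconfined msg='op=PAM:session_close acct="web59" exe="/usr/sbin/sshd" hostname=203.0.113.7 addr=203.0.113.7 terminal=ssh res=success'
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
INNER = re.compile(r"msg='(.*)'\s*$")          # the quoted user-space payload
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')      # key=value or key="value"

def parse(line):
    """Split one audit record into header, outer fields and inner msg fields."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = {"type": m.group(1), "time": float(m.group(2)), "serial": int(m.group(3))}
    body = m.group(4)
    inner = INNER.search(body)
    outer = body[:inner.start()] if inner else body
    rec["outer"] = {k: v.strip('"') for k, v in PAIR.findall(outer)}
    rec["inner"] = {k: v.strip('"') for k, v in PAIR.findall(inner.group(1))} if inner else {}
    return rec

# Record types seen in the question; extending this set is an assumption to verify locally.
NOISE_TYPES = {"USER_END", "CRED_DISP"}

def is_cron_pam_noise(rec):
    """True only for successful PAM events emitted by cron itself, whatever the account."""
    i = rec["inner"]
    return (rec["type"] in NOISE_TYPES and i.get("exe") == "/usr/sbin/cron"
            and i.get("terminal") == "cron" and i.get("op", "").startswith("PAM:")
            and i.get("res") == "success")

def drop_cron_noise(lines):
    # Unparseable lines are kept, so a format surprise never hides a record.
    kept = []
    for line in lines:
        rec = parse(line)
        if rec is None or not is_cron_pam_noise(rec):
            kept.append(line)
    return kept

if __name__ == "__main__":
    print("\n".join(drop_cron_noise(SAMPLE.splitlines())))
```

Failed cron PAM events (res other than success) are deliberately kept, since those are the ones worth reviewing.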

0 Answers